Telstra found divulging web browsing histories to law-enforcement agencies without a warrant

Deputy technology editor

Telstra says it has divulged customers' web browsing histories without a warrant.

The federal government has been left red-faced following revelations that law-enforcement agencies have been accessing Australians' web browsing histories without a warrant.

Access to phone and internet data held by telecommunications companies has been the subject of much debate recently, as the government seeks to extend the power of intelligence and law-enforcement agencies to fight terrorism and crime. It has proposed telcos retain customers' metadata for up to two years for investigation.

However, spy agency ASIO and federal police have given assurances that data on what websites Australians visit - know as web history - could only be obtained with warrants.

Telstra confirmed on Tuesday evening it had provided URLs to agencies without a warrant "in rare cases". It did not name the agencies or how many times it provided information.

"The last time we did so was in relation to a life-threatening situation involving a child more than 12 months ago," a Telstra spokeswoman said.

Jaan Murphy, author of the report, said the current regime already appeared to allow for access.

"The current regime for access to metadata arguably allows law enforcement and intelligence agencies to access [Uniform Resource Locators] under the umbrella of 'metadata' (provided the URL does not identify the content of the communication) despite stakeholders holding contradictory perspectives," Murphy wrote.

In the paper, Murphy quotes a little-known submission by Telstra to a previous inquiry which examined, among many things, whether telcos should be required by law to store certain customer data for a period of up to two years.

Telstra's submission indicated that the type of data it had already disclosed to law-enforcement and national security agencies without a warrant included "...(URLs) to the extent they do not identify the content of the communication".

"Industry practice therefore illustrates that URLs are currently provided to law-enforcement and national security agencies without a warrant," Murphy concluded.

A Telstra spokewsoman said despite it divulging URLs in rare instances, the company did "not collect URLs as a normal part of providing customer services".

In further comments published on Telstra's Twitter account, company representatives said it did "not collect and store web browsing history against customer accounts".

In a Senate inquiry discussing comprehensive revisions of the Telecommunications Interception and Access Act last month, outgoing ASIO chief David Irvine said to gain access to web browsing histories agencies such as ASIO needed a warrant.

"Web surfing … is not picked up by us and is not regarded by us as metadata; it is regarded as content, and we need to have a warrant for that," Mr Irvine told Senator Scott Ludlam.

The Act requires Telstra comply with warrantless authorisation requests from law-enforcement agencies for non-content data. Agencies that can access the data include federal, state and territory police, Medicare, Bankstown Council in NSW, WorkSafe Victoria, the RSPCA, the Tax Office, Australia Post, ASIO, ASIC and many others when conducting criminal and financial investigations.

In 2012-13 the Attorney-General's Department reported that such data was accessed 330,640 times, an 11 per cent increass over the previous year and a jump of 31 per cent over two years.

A spokesman for Attorney-General George Brandis declined to comment to Fairfax Media, but toldZDNet that access to URLs should require a warrant.

"Security agencies currently require a warrant to access URLs and this requirement will continue," the spokesman reportedly said.

Earlier this month, the Attorney-General and Prime Minister Tony Abbott said a mandatory data retention regime had been given "in principle" cabinet approval for legislating later this year. They said it was needed to ensure telcos continued to retain data for law-enforcement purposes.

Telstra's contradictory statements and assurance that it doesn't normally collect URLs, but was able to provide them in rare cases, is unlikely to satisfy privacy advocates and civil libertarians.

The Attorney-General's department, which administers the Act, has, over the past month, repeatedly refused to answer Fairfax questions about what constitutes metadata and whether it includes web browsing histories.

In high-level briefings with intelligence officials in Canberra, journalists were told that web browsing histories did not constitute metadata. Internet surfing history was considered "content". Websites visited were also not metadata, they were told.

Prime Minister Abbott's recently appointed Human Rights Commissioner Tim Wilson is also against data retention, as are a number of other civil liberties groups.

Optus said it did not comment on specific data retention practices or law enforcement requests.

"Optus co-operates fully with law enforcement and national security agencies as required by legislation and in accordance with the rules established for access to customer information," an Optus spokeswoman said.

A Vodafone spokeswoman also wouldn't comment, saying instead that the company was "committed to the privacy" of its customers.

74 comments so far

This is why we need to be very sceptical, not only of politicians but also the police forces. For one, no one has clear definitions of the terms that are being bandied about and the politicians dont have a full understanding of what is actually going on.

Secondly the police generally see no problem with full and warrantless access to as much data as they can get. Of course they need to e able to do their job, but there seems to be no concept of personal privacies when senior police lobby the government. The fact that Vic and NSW police wont comment is also concerning.

Commenter

Dave

Location

Melbourne

Date and time

August 20, 2014, 2:16AM

Dave, you must remember that the police are the enforcement arm of the government. They do and say what is ultimately in the interests of their political masters.

Having said that, police in this country are far too often meddling in politics and trying to create policy - they should stick to their doughnuts and coffee (and collecting revenue for their masters).

The mass collection of data by police is nothing more than laziness. I am sure crime gangs and so on are aware now of how to circumvent this collection but then this isn't really about these sort of criminals, is it.

This collection of data is about appeasing the masters above the politicians; the lobby groups for 'copyright' holders.

Commenter

Mr T

Date and time

August 20, 2014, 6:22AM

The problem is that despite the rhetoric of the police being part of the community it's simply not true. The police are directed by government, despite the protestations you can see it everywhere. And the law is seen by the police, at times, as being an obstruction to them, so it has to be circumvented where this is seen to be necessary. It's a shame that the police haven't taken a position as defenders of civil rights instead of colluding with the political class to destroy our civil rights.

Commenter

Royd Bogan

Date and time

August 20, 2014, 8:26AM

@mrT i would run for the hills with statements like that the swat team will track you down and lock you up.....and put you in hunger games....that movie is our future in may years time...

Commenter

skeptic

Location

perth

Date and time

August 20, 2014, 8:28AM

@Mr T..Exactly...The donators to politicians...."Lobby" sounds so less corrupt, disgraceful, counter-public-interest and criminal than what it actually is.

Commenter

JohnBB

Date and time

August 20, 2014, 8:46AM

This is incorrect, Firstly, Browsing history is a personal privacy and requires a user signed agreement for Telstra to even save or monitor it. Secondly, it is not metadata, as metadata is the term used when creating a web-page and is standard writing that cannot change or be tracked, it is merely the date the page was created, its author, whatever name you wish that to be, and its meta tags such as keywords. Everyone has been asking what is metadata as they feel it is a misleading phrase and it is. People have to realise, a lot of recent legislations are invalid and gone unquestioned, even the privacy commissioner was trying to make an opinion without even knowing what metadata means, therefore not fit to even judge the matters until he learns it. ASIO has invalid pseudo hacking powers sort of like the secret service theme, they too are illegal and the old theme stands, that being, don't get caught obtaining it, and it cant be used as evidence and only can be used to clue them to evidences. The Govt do not need to spy to discover an identity, the IP lookup avenue called whois can detect the identities of any IP and it's service is available to anyone. The GOVT need a reason and a warrant to invade any of our online privacy but meets a roadblock if any conversation has an overseas content by others protected by international law. It appears most legal experts are not up to speed on cyberland.

Commenter

Brian Woods

Location

Glenroy

Date and time

August 20, 2014, 8:46AM

The police are not necessarily the arm of Govenrment. John Cain disbanded the Victoria Police "Special Branch", only to find that they never really shut it down and continued to spy on politicians.

Interestingly, security organisations tend to align with right wing ideologies. It may be that agencies are simply so caught up in their fundamentalist, total authoritarian structure they operate under, rather than any deliberate conspiracy (Though the Special Branch situation was indeed a conspiracy).

Following orders, unreflectively, is the role of the automaton and those wishing to control everything like automatons.

Commenter

oh-owe

Date and time

August 20, 2014, 9:06AM

Yep, there are two key tautologies here -- bent police and bent politicians.We have to be eternally wary of both.

Commenter

Mandelbrot

Location

Forrest

Date and time

August 20, 2014, 9:38AM

Brian Woods You are wrong. Telstra does keep browser data for a while and it is routinely used to investigate customer complaints and in Police investigations without warrants. Telstra has a close working relationship with Federal and State Police forces and phone call data and internet activity is not covered under court enforced warrants that are required for phone tap intercepts. As to the customer having to provide written permission it is an accepted part of the provision of service relating to billing and charging. Telstra has admitted that call data records have been accessed by the Australian Post Office, Local Governments, Debt recovery agencies and the State and Federal Police forces without requiring warrants or permission from the customer. Phone and Internet histories are a powerful tool in thsi modern world.

Commenter

Quantum of Solace

Location

The Real World

Date and time

August 20, 2014, 10:43AM

Brian Woods of Glenroy next time you're on the internet go into incognito mode and read the bio all info and browser history is keep by your isp learn about your internet before you use it my friend.